If you discover a security vulnerability in glirastes, please report it privately. Do not open a public GitHub issue.
Email: security@chainmatics.net
Alternatively, use GitHub's private vulnerability reporting.
We will:
- Acknowledge your report within 2 business days
- Provide an initial assessment within 5 business days
- Coordinate a fix and public disclosure, typically within 90 days of the initial report
When the fix ships, we publish a GitHub Security Advisory and credit the reporter (unless anonymity is preferred).
Only the latest released minor version of glirastes receives security
updates. Please upgrade before reporting issues against older versions.
In scope:
- The glirastes npm package and its subpath exports
- Code in this repository
Out of scope:
- Third-party dependencies (please report directly to the upstream maintainer)
- The Glirastes platform / Citadel (closed source, separate disclosure path)
We will not pursue legal action against researchers who:
- Make a good-faith effort to avoid privacy violations, data destruction, and service disruption
- Report findings privately as described above
- Give us a reasonable window to remediate before public disclosure